Monday, December 17, 2018

MailChimp deleted my account with no warning or notification

[See update at the bottom of the post.]

I make and sell a security product called the SC4-HSM which, among other things, acts as a FIDO U2F key.  A few days ago I was contacted by an independent security researcher named Christian Reitter saying (correctly) that he had discovered a security flaw that impacted a wide range of such keys.  It turned out that the SC4-HSM is not impacted by the flaw, so I waited for the information embargo period to end and went to send out a notice to my mailing list letting my customers know all was well and they didn't need to worry.  I keep my mailing list on MailChimp.  I don't use the account very often, but every time I have used it I have had no problems.

Today, however, when I went to log in to my account, I was met with the following message:
This account has been deactivated. To continue using Mailchimp, please create a new account with a new username. If you have questions, please contact compliance@mailchimp.com.
I went to my web site to see what a customer would experience if they tried to sign up for my list, and the result was the most unhelpful error message I have ever seen on the web (and that's saying something):


(Remember, this is what one of my prospective customers would see.  Such a person may or may not have a MailChimp account, most likely not, so what would be the point of going to a dashboard?  Assuming that button actually took you to a dashboard.  Which it doesn't.)

I was shocked.  As I said, I don't use my account very much, but I know it was active as of November 26 (three weeks ago) because someone signed up for my mailing list that week and I received a notification about that.  I went back through my mail archives to see if a warning or notification about this had gotten spam-filtered somehow.  Nope.  Nothing.

So the situation is this: MailChimp shut down my account without even notifying me, let alone warning me that this was about to happen.  At the same time, they turned the link on my site that prospective customers use to sign up for my mailing list into a dead link, and cut off my access to the existing list so I can no longer contact my existing customers.  The only way to contact MailChimp is by email (they don't have a phone number AFAICT).  I sent them an inquiry about this but they have not responded.

As if all that were not bad enough, there appears on the face of it to be no way to re-activate my account.  The only option given in the error message is  "To continue using Mailchimp, please create a new account with a new username."  If I take this error message at face value, my mailing list is gone forever.  WTAF MailChimp?

I really don't like to resort to public shaming, but this really is unacceptable.  Even if I do manage to get my account and/or mailing list back somehow, I don't see how I can ever rely on MailChimp for anything mission critical.  Pulling the rug out from under me like this is something you only get to do once.

UPDATE: MailChimp just now (as of 12/19 9:12 AM PST) reinstated my account.

15 comments:

ajx said...

Setup your own instance of postfix, opendkim, reverse dns, spf, dmarc and send the emails yourself...

Ron said...

Well, yes, obviously I'm going to do that going forward. But my immediate problem is that I have lost my customer list. Setting up a new email system is not going to fix that.

kazamatzuri said...

did you contact them?

Ron said...

> did you contact them?

Yes. And they responded saying that they would not restore my account.

TSG said...

Use http://openaccess.email next time

Unknown said...

It even says so right at the beginning of their Terms of Service:
"Mailchimp may refuse service, close accounts of any users, and change eligibility requirements at any time." And further down: "We may suspend the Service to you at any time, with or without cause. [...] If your account has been terminated, the username will no longer be available for use on any future accounts and cannot be reclaimed."

Good news is: you are eligible for a partial refund. (I assume you had a payed for plan?)

Unknown said...

Just discovered this post on HN.
I am appalled reading this!! How can someone keep your data hostage like this?
Especially (in this case) for no apparent mistake of yours! Really sad that a company like MailChimp who knows (or should know) what an Email list really means to a business would respond in such an irresponsible manner and deprive you of your own data.

I run an email marketing company called - SendX https://www.sendx.io and would be happy to help you in whatever way possible to get you up and running with Email Marketing again. Feel free to hit me up at mayank@sendx.io . Would personally ensure that our team helps you out with this asap.

Brian Dunbar said...

> I am appalled reading this!! How can someone keep your data hostage like this?

How do you bell the cat?

I thought about this once: the best solution I could come up with is dumping backups to [s3 bucket, dropbox]. Give the customer keys to the backup. Promise it will be there for 30 days after termination of service.

Unknown said...

Self-hosted, self-hosted, self-hosted ALWAYSSS AND FOREVER NO TRUST OTHERS FOR YOUR CUSTOMERS DATA, same applies for your CRM, ERP etc

Unknown said...

www.mautic.org open source, self hosted and better than mailchimp and similar.

Peter Donis said...

Setup your own instance of postfix, opendkim, reverse dns, spf, dmarc and send the emails yourself...

The problem with this solution is that Ron is trying to run a business. Even if he personally is able to do this himself, I don't think it makes business sense for him to have to. Someone in business should be able to focus on their core business, not have to set up personal one-off solutions to what should be solved problems that some other business is already providing as a service. That's how wealth is built in a free market: specialization and trade. But it only works if each specialist acts in good faith and understands the role they are playing in the overall cooperative wealth building scheme. What's sad to me in all this is that MailChimp seems to have no clue about this whatsoever.

Sid said...

It takes two clicks to export a list in mailchimp to a downloadable zip file. This isn't the first time I've heard something like this happening which is why I have a fortnightly reminder to backup our list. Sorry I know that doesn't help your present situation. Losing our list would destroy our non-profit.

Peter Donis said...

It takes two clicks to export a list in mailchimp to a downloadable zip file.

Is there a way to do it with zero clicks, i.e., by using an automated script instead of having to have a human do it? The best way to ensure that backups are made and updated is to take humans out of the loop.

Unknown said...

Was this issue ever resolved? The same exact thing just happened to me! Any info much appreciated.

Ron said...

@Unknown::

Yes. Read the update at the end of the post.